Firewall Enterprise IPv6 - Cannot Add Rules

We have a McAfee 410 running v70103. IPv6 has been enabled on both Internal and External interfaces. A Static Route has been configured. I've added multiple IPv6 addresses in Network Objects.

When I try to create an IPv6 rule, the Endpoint option <Any V6> is not present. The only two that show are <Any> and <Any V4>. After enabling IPv6 on one or more interfaces, this option should appear, but it doesn't.

Next, I cannot select my new IPv6 addresses from the Endpoint list. They do not appear either.

Dead in the water right now from what appears to be a bug. I've configured IPv6 on newer S4016's w/o issue...

Accepted Solutions
sliedl
Level 14
Message 2 of 8

Re: Firewall Enterprise IPv6 - Cannot Add Rules

You cannot configure IPv6 for proxy rules, so make sure the Service(s) in your rule is a packet-filter service and not a proxy.

Re: Firewall Enterprise IPv6 - Cannot Add Rules

OK... so instead of using the default 'http' or 'https' (proxy), I need to create a new Service as a "TCP/UDP Packet Filter"?

sliedl
Level 14
Message 4 of 8

Re: Firewall Enterprise IPv6 - Cannot Add Rules

Yes, exactly.  Create a packet-filter service on ports 80,443 to pass HTTP and HTTPS traffic over IPv6.

Re: Firewall Enterprise IPv6 - Cannot Add Rules

Interesting. So why/how did this change with the newer version 8 software?

My next hurdle is the following error message I received about the new Service.

"Service requires an Application Defense of the following types: ['ipf', 'group', 'defaultgroup']."

I'm not very familiar w/ the Application Defense section. Can you push me in the right direction here?

Thanks!

sliedl
Level 14
Message 6 of 8

Re: Firewall Enterprise IPv6 - Cannot Add Rules

I believe this means you need to select an Application Defense in this rule.  I don't see how it's possible to not select an App. Defense in a rule (one is automatically selected when you create a rule) but maybe this comes from having IPv6 turned on (I do not have IPv6 turned on on my firewall).

Re: Firewall Enterprise IPv6 - Cannot Add Rules

OK, so within the Rule I just selected the Application Defense named "default (ipf)". I also selected the Service that I just created. I was finally able to save the rule.

No word yet on if the Rule works or not, as there are other settings in the network that have not yet been completed. That's out of my control at the moment.

Thanks for the quick turnaround, sliedl. I would have never figured out that I needed to create a new Service for IPv6. I didn't have to do this on our other firewalls running the newer software.

I'll post again once I see traffic flowing.

Re: Firewall Enterprise IPv6 - Cannot Add Rules

I realize I'm posting this a month later, but I was able to get IPv6 traffic flowing by using that "default (ipf)" option in the rule. I had to wait for others in the network chain to get their part done. So we're good.

btw, does anyone know what exactly "default (ipf)" or "default (group)" means?
